Description of problem: VM not in running state with nonroot VirtLauncher Pods with volumeMode as Filesystem and using a DV Version-Release number of selected component (if applicable): CNV-4.9.0 How reproducible: Always Steps to Reproduce: 1. With nonroot VirtLauncher Pods set in FeatureGates 2. with volumeMode as Filesystem ( ocs-cephfs or NFS or HPP ) 3. and using DV in the vm spec. Actual results: As seen below in additional details: a) Could not open '/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img': Permission denied b) VMI is stuck in Scheduled state Expected results: VMI should be in Running state. And we should be able to successfully login to the VMI. Additional info: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal SuccessfulCreate 107s virtualmachine-controller Created virtual machine pod virt-launcher-vm2-rhel84-hpp-csgmb Normal SuccessfulCreate 107s disruptionbudget-controller Created PodDisruptionBudget kubevirt-disruption-budget-8rvhn Warning SyncFailed 101s virt-handler server error. command SyncVMI failed: "LibvirtError(Code=1, Domain=10, Message='internal error: process exited while connecting to monitor: 2021-09-07T15:36:18.653187Z qemu-kvm: -blockdev {\"driver\":\"file\",\"filename\":\"/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img\",\"node-name\":\"libvirt-2-storage\",\"cache\":{\"direct\":false,\"no-flush\":false},\"auto-read-only\":true,\"discard\":\"unmap\"}: Could not open '/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img': Permission denied')" Warning SyncFailed 100s virt-handler server error. command SyncVMI failed: "LibvirtError(Code=1, Domain=10, Message='internal error: process exited while connecting to monitor: 2021-09-07T15:36:19.451430Z qemu-kvm: -blockdev {\"driver\":\"file\",\"filename\":\"/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img\",\"node-name\":\"libvirt-2-storage\",\"cache\":{\"direct\":false,\"no-flush\":false},\"auto-read-only\":true,\"discard\":\"unmap\"}: Could not open '/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img': Permission denied')" Warning SyncFailed 100s virt-handler server error. command SyncVMI failed: "LibvirtError(Code=1, Domain=10, Message='internal error: process exited while connecting to monitor: 2021-09-07T15:36:19.061811Z qemu-kvm: -blockdev {\"driver\":\"file\",\"filename\":\"/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img\",\"node-name\":\"libvirt-2-storage\",\"cache\":{\"direct\":false,\"no-flush\":false},\"auto-read-only\":true,\"discard\":\"unmap\"}: Could not open '/var/run/kubevirt-private/vmi-disks/datavolumedisk1/disk.img': Permission denied')"
Potential duplicate of #2001984
The error seen in this bug is different to the bug referred in comment1 and hence separate bugs are filed.
Tried this with latest CNV 4.10 build downstream. See the below: a) With NFS storageclass ( DV + volumeMode: Filesystem ) b) ]$ oc get vm NAME AGE STATUS READY vm-rhel84-nfs 4m49s CrashLoopBackOff False c) We neither see a VMI nor a pod. It (the object) just doesn't exist.
]$ oc get kubevirt kubevirt-kubevirt-hyperconverged -n openshift-cnv -o yaml | grep -i NonRootExperimental - NonRootExperimental (cnv-tests) [kbidarka@localhost ocs]$ virtctl console vm-rhel84-nfs Successfully connected to vm-rhel84-nfs console. The escape sequence is ^] Red Hat Enterprise Linux 8.4 (Ootpa) Kernel 4.18.0-305.29.1.el8_4.x86_64 on an x86_64 Activate the web console with: systemctl enable --now cockpit.socket vm-rhel84-nfs login: cloud-user Password: Last login: Sun Dec 5 10:28:19 on ttyS0 [cloud-user@vm-rhel84-nfs ~]$ (cnv-tests) [kbidarka@localhost ocs]$ (cnv-tests) [kbidarka@localhost ocs]$ virtctl console vm-rhel84-ocs Successfully connected to vm-rhel84-ocs console. The escape sequence is ^] Red Hat Enterprise Linux 8.4 (Ootpa) Kernel 4.18.0-305.29.1.el8_4.x86_64 on an x86_64 Activate the web console with: systemctl enable --now cockpit.socket vm-rhel84-ocs login: cloud-user Password: Last login: Sun Dec 5 10:28:46 on ttyS0 [cloud-user@vm-rhel84-ocs ~]$ [cloud-user@vm-rhel84-ocs ~]$ (cnv-tests) [kbidarka@localhost ocs]$ This was tested with DataVolumes VERIFIED with container-native-virtualization/virt-operator/images/v4.10.0-123
VERIFIED With container-native-virtualization/virt-operator/images/v4.10.0-123
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0947